Privacy Policy
1. Data Controller
Fulvisol Oy (Business ID 2399369-0)
Turkhaudantie 5, 00700 Helsinki, Finland
Our website address is: https://www.fulvisol.com
2. Contact Person for Data Protection Matters
Petri Surakka, Fulvisol Oy
Email: gdpr@fulvisol.com
Fulvisol Oy is committed to complying with the Finnish Data Protection Act and the EU GDPR Data Protection Regulation. We are also committed to protecting the privacy of our customers.
3. Name of the Register
The company’s customer and marketing register.
4. Legal Basis and Purpose of Processing Personal Data
The legal basis for processing personal data in accordance with the EU General Data Protection Regulation is:
- consent of the individual (documented, voluntary, specific, informed, and unambiguous)
- a contract to which the data subject is a party
- the legitimate interest of the controller (e.g., customer relationship prior to a contract, employment relationship, membership).
The purpose of processing personal data is communication with customers, maintenance of customer relationships, marketing, etc. Data is not used for automated decision-making or profiling.
5. Data Content of the Register
Information stored in the register includes: individual’s name, position, company/organization, contact details (phone number, email address, address), website addresses, network connection IP address, IDs/profiles in social media services, information on ordered services and their changes, billing information, other information related to the customer relationship and ordered services.
We retain your data only for as long as necessary.
IP addresses of website visitors and cookies necessary for the functions of the service are processed on the basis of legitimate interest, e.g., to ensure data security and to collect statistical data on website visitors in cases where they can be considered personal data. For third-party cookies, separate consent will be requested if necessary.
6. Regular Sources of Data
Data stored in the register is obtained from the customer, e.g., via messages sent through web forms, by email, by phone, through social media services, from contracts, customer meetings, and other situations where the customer provides their data.
Information on contact persons of companies and other organizations may also be collected from public sources such as websites, directory services, and other companies.
7. Regular Disclosures of Data and Transfer of Data Outside the EU or EEA
Data is not regularly disclosed to other parties. Data may be published to the extent agreed upon with the customer. Data may also be transferred by the controller within the EU or EEA.
The controller may also process data at its location in the United Kingdom (UK). The European Commission has issued an adequacy decision for the United Kingdom, ensuring the secure transfer and processing of data.
Data will not be transferred to the United States without the explicit consent of the data subjects.
8. Right of Access and Right to Request Correction of Information
Every person in the register has the right to check their data stored in the register and demand the correction of any incorrect information or the supplementation of incomplete information. If a person wishes to check the information stored about them or demand a correction, the request must be sent in writing to the controller. The controller may, if necessary, request the person making the request to prove their identity. The controller will respond to the customer within the time stipulated in the EU Data Protection Regulation (generally within one month).
9. Other Rights Related to the Processing of Personal Data
A person in the register has the right to request the deletion of personal data concerning them from the register (“right to be forgotten”). Likewise, data subjects have other rights in accordance with the EU General Data Protection Regulation, such as the restriction of processing personal data in certain situations. Requests must be sent in writing to the controller. The controller may, if necessary, request the person making the request to prove their identity. The controller will respond to the customer within the time stipulated in the EU Data Protection Regulation (generally within one month).